[NX-203 Issue] Add production proxy profile with validation and documentation

Introduced a secure, repeatable production proxy profile for reverse proxy and HTTPS deployment, including NGINX configuration, environment variables, and CORS guidance. Added CI workflow for static validation of proxy guardrails and detailed documentation to ensure best practices in deployment.
2026-02-15 12:10:41 +01:00
parent 84bc7b0384
commit 6093c5dea8
8 changed files with 266 additions and 2 deletions
--- a/ops/profiles/prod/.env.production.example
+++ b/ops/profiles/prod/.env.production.example
@@ -0,0 +1,48 @@
+# NexaPG production profile (reverse proxy + HTTPS)
+# Copy to .env and adjust values for your environment.
+
+# ------------------------------
+# Application
+# ------------------------------
+APP_NAME=NexaPG Monitor
+ENVIRONMENT=prod
+LOG_LEVEL=INFO
+
+# ------------------------------
+# Core Database
+# ------------------------------
+DB_NAME=nexapg
+DB_USER=nexapg
+DB_PASSWORD=change_me
+DB_PORT=5433
+
+# ------------------------------
+# Backend
+# ------------------------------
+BACKEND_PORT=8000
+JWT_SECRET_KEY=replace_with_long_random_secret
+JWT_ALGORITHM=HS256
+JWT_ACCESS_TOKEN_MINUTES=15
+JWT_REFRESH_TOKEN_MINUTES=10080
+ENCRYPTION_KEY=REPLACE_WITH_FERNET_KEY
+
+# Production CORS:
+# - no wildcard
+# - set exact public UI origin(s)
+CORS_ORIGINS=https://monitor.example.com
+
+POLL_INTERVAL_SECONDS=30
+ALERT_ACTIVE_CONNECTION_RATIO_MIN_TOTAL_CONNECTIONS=5
+ALERT_ROLLBACK_RATIO_WINDOW_MINUTES=15
+ALERT_ROLLBACK_RATIO_MIN_TOTAL_TRANSACTIONS=100
+ALERT_ROLLBACK_RATIO_MIN_ROLLBACKS=10
+
+INIT_ADMIN_EMAIL=admin@example.com
+INIT_ADMIN_PASSWORD=ChangeMe123!
+
+# ------------------------------
+# Frontend
+# ------------------------------
+# Keep frontend API base relative to avoid HTTPS mixed-content.
+FRONTEND_PORT=5173
+VITE_API_URL=/api/v1